Cisco AAA/Identity/Nac :: ACS Controlling Users Access On Symbol WS6000

Dec 29, 2010

I want to control management access to a Symbol Wireless Switch WS6000 with my ACS. The issue is that I can't find the Vendor Specific Attributes for Symbol devices. I wonder if there's a way to control it with IETF or other RADIUS attributes.

Cisco VPN :: 5520 Controlling Remote Site Access Through LAN-to-LAN

Mar 19, 2013

We have 2 5520 ASAs working in an active/standby function at our central site. The remote agencies have control of their ASAs or other devices able to create VPN tunnels back to the central site. When a new remote agency wants to connect to our central site we assign them a network range that is routable on the central site's network. We ask that the remote agency NAT into the addresses we provided them. This way we are able to route back to them. We assign the interesting traffic and then we start communicating by way of the tunnel.

Since the central site can't control the traffic coming in on the site-to-site tunnel other than just defining the interesting traffic AND we aren't able to control the NAT on the remote end, how can I put an access list on the central site ASA to allow only certain ports and IPs by way of access list? Ultimately, I'm trying to limit traffic on the central site coming inbound to only allow traffic I want. I tried applying a group policy to the lan2lan site-to-site tunnel, but it failed for some reason. It actually prevented all traffic. Can I apply a group policy to a site-to-site tunnel?

I'm struggling here a bit as I don't have control of the remote end. They can NAT whatever they want to an address in the range we assigned them. The tunnel's interesting traffic is set to full ip to the central site's destination. The interesting traffic on the central site is set the same. However, on the central side...I want to limit that traffic to only certain ports by way of an acl. If it is possible to assign a site-to-site tunnel a group policy and filtering is done in that method, can

D-Link DIR-655 :: Controlling Device Access On Network

Feb 6, 2012

I have a new audio/video receiver that has Apple Airplay functionality built in. Now the Airplay allows any iPhone/pod/pad/tunes device/computer on the same network to route music to the receiver without plugging in the device directly. Great concept, but the execution allows any computer or iPhone in my house on the network to take over my receiver with no questions asked and start playing.

So far I have failed to find a way to restrict or shut off Airplay on the device itself (other than disabling its network). Is there any way through networking or my DIR-655 router to control/restrict this access? What I would like in a perfect world is to keep all computers and wireless Apple I devices from connecting to the unit unless I allow it for that particular device/computer. In an imperfect world I would accept just blocking wireless devices from it but still allowing them full network connectivity otherwise.

Some things I have thought of - Can I use static addressing for the A/V receiver but put it on a different subnet than what my router is set to? Is there some network control in the firewall that may limit access to the A/V receiver?

Cisco AAA/Identity/Nac :: ACS 5.1 - Screenshot Of All Users That Have Access To Configure Firewall

Jul 26, 2012

I have an auditor wanting a screenshot of all users that have access to configure our firewall. I am unfamiliar with 5.1. Is there a way of running such a report on a particular device?

Dlink DIR 615 / Good Router For Controlling Internet Access

Feb 21, 2011

I have a Dlink DIR 615. I can never get it to manage the time correctly; even without any down time the time always goes off by hours or days. I tried using an NTP server option... 3.ca.pool.ntp.org but it doesn't work.... so I am not able to schedule the internet effectively router that they have that keeps the time and allows them to control the Internet access that would be good. My kids are teenagers so sometimes it is like talking to a wall trying to get them to control their internet. I can easily block them entirely as I have MAC filtering set, and I will do this, but I would like to not have to constantly check to see if they are online, which is easily done with iPods.

Cisco AAA/Identity/Nac :: ISE 1.1.3 Authenticate Wireless Users / Admin Access To WLC / Switches

Mar 13, 2013

Deployed two Cisco ISE 1.1.3. ISE will be used to authenticate wireless users, admin access to WLC and switches. Backend database is Microsoft AD running on Windows Server 2012. Existing Cisco ACS 4.2 still running and authenticating users. There are two Cisco WLCs version 7.2.111.3. Wireless users authenticating to AD through ACS 4.2 works. Admin access to WLC and switches to AD through ISE works. Wireless authentication using PEAP-MSCHAPv2 and admin access with PAP/ASCII.

Wireless users cannot authenticate to AD through ISE. The below is the error message "11051 RADIUS packet contains invalid state attribute" & "24444 Active Directory operation has failed because of an unspecified error in the ISE". Conducted a detailed test of AD from ISE. The test was successful and the output seems all right except for the below: [code]

Update:

1) Built another Cisco ISE 1.1.3 server in another datacentre that uses the same domain but a different domain controller. This domain controller is running Windows Server 2008. This works and authentication is successful.

2) My colleague tested out in a lab environment of Cisco ISE 1.1.2 with Windows Server 2012. He got the same problem as described.

Cisco AAA/Identity/Nac :: ACS 3415 - Users Access Our Site Using VPN Client Connecting To ASA5550

Jun 3, 2013

I currently have a Cisco ACS 3415 appliance with 5.4. Coming from the ACS 4.2 world, I'm having a bit of a struggle creating the following and I was hoping if I could be shown clear steps I can duplicate the rest.

I want to create a group ie: AIRTEMP with access time from 7:00am to 5:00pm and add 2 users to the group.

Users access our site using a VPN client connecting to an ASA5550. The ASA and the ACS already communicate with each other.

The ACS 5.4 user guide has me bouncing all over different pages.

Cisco AAA/Identity/Nac :: Authenticate VPN Users Via ACS 5.4 And AD Via External Identity Store

Feb 22, 2013

I have installed ACS 5.4 and we are looking to authenticate our AnyConnect users with ACS via Active Directory. I think I have the correct commands in our ASA (we had ACS 4 and authenticated our AnyConnect users).

I also have configured ACS to use Active Directory and installed the server side cert in ACS. I'm just uncertain how to program ACS to use the security group that I have set up in Active Directory.

Wifi Symbol Is Showing On Vostro But Its Not Connecting With Net

Nov 22, 2012

Is a driver compulsory for WiFi? Tell me how to connect to WiFi as I am unable to connect.

Cisco Wireless :: 5508 - Configuring EAP-FAST To Use With Symbol MC3090

Aug 7, 2011

I have configured EAP-FAST local authentication on a 5508 running 7.0.116.0. I am trying to connect using a Motorola/Symbol MC3090. In the handheld, it appears to be failing due to receiving no PAC. On the 5508, it just looks like a timeout. Are the PACs created on the 5508 automatically, or do I need to generate one?

Cisco AAA/Identity/Nac :: Importing Users From ACS 4.x To ACS 5.x

Jun 24, 2012

Is it possible to export internal ACS users from an ACS 4.x Windows (on ESXi) solution to an ACS 5.x solution? All I want to be able to do is export usernames and passwords out of the 4.x solution and then import them into the 5.x solution. I thought maybe the CSUtil program could be used?

AAA/Identity/Nac :: Authenticate LAN Users Via Cisco 2911

Feb 9, 2012

We have remote users that dial in over ISDN to a Cisco 2911. We have configured AAA to pass the authentication off to a RADIUS server. Once successfully authenticated, the router permits the users to access a single web server. However, we need to do some testing in our test environment, but unfortunately we don't have an ISDN line to test with. We have created a little environment in our LAB using a 2911, a switch, a RADIUS server & web server. I was hoping that we could simply create a "user" VLAN off the back of the 2911 to simulate our remote users, and access the web site from the test user PCs over the LAN. I was hoping that the 2911 would be able to intercept the connection and pass the authentication off to the RADIUS server (as it does with the PPP ISDN traffic). But I cannot find any way to do this, because I can only configure AAA to offload either PPP traffic or telnet/ssh connections to the router itself.

In summary what I want is for a user to access an internal web site over a LAN interface of a 2911 - but have the 2911 authenticate the user via a remote RADIUS server first. Is there a way to configure a 2911 (or any router!) to do this? Is the answer to configure port-based authentication (802.1X) on the switch?

Cisco AAA/Identity/Nac :: ACS 5.0 - VPN Authentication And IP Pools For Users

Mar 19, 2012

How to configure the ACS 5.0 RADIUS for remote access VPN authentication?

And how could I implement the IP pools for the VPN users?

Cisco AAA/Identity/Nac :: How To Show Logged In Users In ACS 5.1

Sep 5, 2011

After some time now using Cisco ACS 5.1, I still don't know how I can see all logged in users. I can see logging and check why a login goes wrong, but in ACS 3.2 I just clicked on Reports and Activity and I could choose to see logged in users, or failed attempts, etc.

Cisco AAA/Identity/Nac :: ACS 5.1 Authenticate Wireless Users With 802.1x

Jun 9, 2011

I have an issue with an implementation. I had an ACS R5.1 that I'm using to authenticate the wireless users with 802.1x; that's OK and working fine. Now I want to use the same ACS to authenticate wired users using MAB (for IP phones, printers, servers, and other devices) and 802.1x (for corporate users). I already configured the authentication services (MAB and 802.1x) on ACS, but when I'm doing tests I can see that, for example, the phones are trying to authenticate using the 802.1x rules of wireless connection, not using the MAB rules. [code]

You could also see a screen from the ACS in the attached file. On the picture remark you could see an IP phone trying to authenticate using the wireless Access Services instead of using MAB.

Cisco AAA/Identity/Nac :: ACS V5.2 - Any Limitations On Import Users

Mar 21, 2012

On ACS v5.2, are there any limitations on the number of users that can be imported via CSV file? I.e. will the ACS handle 250,000 internal users, for example?

Cisco AAA/Identity/Nac :: ACS 5.3 - Create Dashboard For All Users?

Apr 28, 2013

I'm at the point of setting up admin access for engineers needing to have insight into the operations and status of our ACS 5.3 systems. Is there any way to create a Dashboard that can be applied to all admin user accounts (perhaps a custom role)? I've been able to customize the dashboard for my own account to show what is most relevant, but am unable to figure out how to apply this layout and setup to all other users.

Basically, I have a number of folks that need to see this data, but that I can't exactly count on to set up their own dashboards to show the important details. If there were some way to build a tab/dashboard/portlet, etc. (whatever it may be) and have it apply to all users, that would save me TONS of work so that I don't have to log in to each person's account and set things up for them. For example, I want to have all users see a tab/dashboard that shows the applet "Live Authentications", but with the protocol already configured to display TACACS vs the default, which is RADIUS.

Cisco AAA/Identity/Nac :: ACS V5.1.0.44 / WLC 5508 / Cannot Get Users To Authenticate

Sep 25, 2011

Having an issue with Cisco ACS v5.1.0.44 and the Cisco WLC 5508. Cannot get users to authenticate and keep getting error messages referring to EAP session timeouts from WLC filling our logs. Seems to be with this model WLC because we have Cisco 4400 WLCs pointing to the same ACS with no issues. Is there a bug or special configuration that is necessary to marry the 5508 with ACS v5.1.0.44?

Cisco AAA/Identity/Nac :: ACS 5.1 - Authenticate Only Specific AD Users

Jul 22, 2012

Is it possible for ACS 5.1 to only allow specific AD users to authenticate to the switches and routers? Currently what I have configured is for all AD users. I can't seem to find a way to be selective.

Cisco AAA/Identity/Nac :: ACS 5.x Admin Users Authentication Against AD

Apr 23, 2012

Do you know if it's possible to use ACS 5.x in such a manner that the admin users (so not the end users, but the administrator users of ACS) are authenticated against an external database, like Active Directory?

Cisco AAA/Identity/Nac :: ACS 5.2 RSA Users Not Getting Level 15 Privilege?

Jun 13, 2011

I have Cisco ACS 5.2 and the external identity source is RSA SecurID. Currently when an RSA user logs in to AAA network devices, the user ID & passcode prompt comes up, and after giving the credentials it goes to user exec mode. Then after the "enable" command it asks again for the passcode; after giving the passcode the user is able to log in successfully.

I need RSA users to get privilege level 15 (privileged mode) directly, with no need to ask for the enable password.

I checked this for local ACS users and it is working; local users get privileged mode access directly...

Cisco AAA/Identity/Nac :: ACS 5.3 With Mac Authentication To Users Wireless

Mar 14, 2013

I'm working with a Cisco WLC and ACS 5.3. I have two profiles or SSIDs and one of them is working with web authentication, and the accounts exist in the local database of Cisco ACS.

I would like to know how I should configure MAC authentication on the Cisco ACS 5.3.

My purpose is to authenticate users first by MAC, and second by the account of local users in the Cisco ACS.

AAA/Identity/Nac :: ACS 4.2 Radius Authentication For SSL VPN Users

Dec 22, 2012

Using Cisco ASA I want the SSL clientless VPN users to be authenticated through a local RADIUS server, but it does not work, and on the ASA, when I want to see the (Debug Radius) output, there are no debugging messages displayed. When I try to test the user which I have created on the ACS Server 4.2, the test is successful. Where have I made a mistake in my configuration?

AAA/Identity/Nac :: 3355 - Deploy NAC For 500 To 600 Users Across WAN?

Jan 24, 2013

We want to deploy NAC for 500-600 users across WAN. We are planning for an L3-OOB-Real Gateway central deployment solution. We have two NAC Servers (3355) and two NAC Managers (3355) at HQ and 6 NAC Servers (3315) at the branch. We deployed NAC under VRF. How can we deploy NAC over WAN without a NAC Server? We need step by step configuration under VRF.

Cisco WAN :: Controlling Router Via SMS By EHWIC-3G-HSPA

Apr 21, 2013

I need to make some performances (like up/down GRE tunnels) on a Cisco ISR 2921 by sending SMS. It could be done by using a 3G modem like a Huawei and a server with some expect/SSH scripts.

But ISR gen. 2 has EHWIC-3G modules, which work with GSM networks and can send/receive SMS. I think that there should be an EEM event or some other way to track incoming SMS and process it by TCL script: get the sender number and SMS body and make useful performances on my router (up/down GRE tunnels in my case).

If I do this trick using only an ISR router and an EHWIC-3G module, it will be a much more stable scheme in that we don't have extra components (server, modem) that may potentially fail.

Unfortunately, there is too little information about configuring these modules (especially the SMS part) and I didn't find any useful to me.

Controlling Particular System Internet With Router

Mar 2, 2012

In the office we have broadband internet to 6 systems through one router. I want to control a particular system's internet.

Cisco AAA/Identity/Nac :: 5525 Ignoring Users Using AD Agent

May 13, 2013

It's been a while since I configured a Cisco firewall (PIX 6.0, SDM) - I've now been thrown in the deep end with a pair of 5525-X's (Latest Software) and I need to achieve the below:

Websense integration (Got this working)
AAA Authentication for various outbound traffic routes.

I'm using ASDM as I'm more comfortable with the GUI than CLI (I'm the other way round with switches!!!). I have AD Agent configured but the ASA isn't doing anything based on User Name, but I have a few other things to try. What I'm trying to achieve now is ignoring certain user names from being matched to IP Addresses as I believe that this may have something to do with it. We use Sophos AV and each PC requires a Service Account to run Sophos under. Each update that Sophos attempts is seen as a login and that is the user attached to the IP Address of the machine. Within Websense, it can be told to ignore certain users for purposes of filtering and reporting etc., but I don't seem to be able to do this with the AD Agent.

Cisco AAA/Identity/Nac :: ACS 5.3 Limit AAA Authentication For Certain Users By Source IP

Jul 1, 2012

We have TACACS+ based AAA on our network equipment, authenticating against the internal user database on a network of ACS 5.3s. What I want is to limit certain AAA users (namely automated tools) to be only permitted to authenticate from a list of known IPs. I can do this for authorization, easily; that isn't a problem. The problem is to only accept authentication attempts coming from certain IPs and ignore the rest. My problem is, as it is currently, the automated tools are prone to a sort of a DoS attack - if I attempt logging in to any device using the tool's user account and a wrong password, I can get the account disabled in five tries.

I want to ignore all authentication attempts, unless they are coming from well known source IPs. Ex: netmon user is the user for a tool running on server 10.20.30.40. If I try to log in from my own laptop with user netmon, it should fail, and the attempt be ignored. Currently after five (or whatever is configured) failed attempts, the user will be disabled. Only attempts from 10.20.30.40 should be considered for user netmon. I can't use ACLs on the devices, as I want other users to be able to log in from other IPs.

Cisco AAA/Identity/Nac :: ACS 5.2 Adding And Updating Users Automatically

Mar 16, 2011

I have a Cisco ACS 5.2 and have set it up as a RADIUS server. I was wondering if there is a way to add and update users automatically? We have a large number of users > 1000 that need to be added into the system and I don't want to do this manually. These users also update their passwords on a regular basis so I would need a script that would update the users automatically without any user intervention.

Cisco AAA/Identity/Nac :: ACS 5.3 Active Directory Users Cache?

Jun 9, 2013

I've successfully integrated ACS 5.3 with Active Directory for 802.1x implementation. Now I want to cache Active Directory users in ACS so that the user request from ACS does not go to AD every time.

After a certain time period the ACS database gets synced with AD.

Cisco AAA/Identity/Nac :: ACS 4.2 Failure To Authenticate Windows Users

Apr 8, 2009

The ACS can authenticate people using the local database. It can also authenticate a single user (using the Windows database) if you are fast after the service is restarted; however, after a few seconds, it fails to authenticate any users. The error we are seeing in the logs appears as authentication failure type: internal error. Also in the log files, the authentication request from the user does not appear in the correct group; it is thrown into the default group.

Cisco AAA/Identity/Nac :: Downloadable ACL For VPN Users - ACS 4.1 And 1841 Router

Mar 6, 2011

I have configured an 1841 router as a VPN server. All VPN users are getting authenticated using RADIUS in ACS 4.1. I need to apply a per-user downloadable ACL.

I have configured ACS for the downloadable ACL. Even the ACS report activity shows that the ACL is applied to the authenticated user, but the traffic is not blocked or passed accordingly.

Cisco AAA/Identity/Nac :: ACS 5.4 Drop Users Into Enable Mode?

Apr 11, 2013

I am trying to get users in the external identity store (AD) to be dropped directly into enable mode after being authenticated, since I don't know of a way to set an enable password for users in an external identity store. I think it has something to do with shell attributes but I'm not really sure.

So here's what I tried.

Linking identity group to external group and providing full command privileges - enable still didn't work.

Creating duplicate users in the internal identity store and setting the password type field to AD1 - That gives me the ability to get to the enable password prompt, hit enter on the blank prompt, which then prompts for old and new passwords but fails every time with an Error in Authentication.

Copyrights 2005-15 www.BigResource.com, All rights reserved